Nor-Tech Addresses Fixes for Intel Spectre and Meltdown Exploits in CRN
Our own VP of Engineering, Dom Daninger, was just featured in a CRN article by Dylan Martin on the Intel Spectre exploit. Here is the article in its entirety:
Intel said earlier this week that it doesn’t plan to patch the Spectre variant 2 flaw in some of its older processors.
The Santa Clara, Calif.-based company said last month that it had issued microcode updates to mitigate the Meltdown and Spectre vulnerabilities for CPUs that were released in the past five years. But the company now indicates that certain older processor families won’t receive any fixes.
In a new Microcode Revision Guidance, dated April 2, the Santa Clara, Calif.-based company said it had stopped production on microcode updates for older Core, Pentium, Celeron and Xeon processors. The impacted CPU families include Jasper Forest, Yorkfield, Yorkfield Xeon, Bloomfield, Bloomfield Xeon, Clarksfield and Gulftown.
“We’ve now completed release of microcode updates for Intel microprocessor products launched in the last nine-plus years that required protection against the side-channel vulnerabilities discovered by Google,” Intel said in a statement to CRN. “However, as indicated in our last Microcode Revision Guidance, we will not be providing updated microcode for a select number of older platforms for several reasons, including limited ecosystem support and customer feedback.”
Bob Venero, CEO of Future Tech, a Holbrook, N.Y.-based solution provider and Intel partner, told CRN that while his enterprise customers likely won’t be impacted, he found the news concerning, especially for smaller companies that don’t update their systems as often.
“For the companies that don’t need to stay with the latest and greatest, that’s going to be a fairly big impact for them risk-wise, assuming someone comes out with an actual attack,” he said. “I don’t see it from a major global threat perspective, but it is something when you look at what has been designed and created by Intel, the fact that they’re unable — and that’s the question, ‘unable or unwilling?’ — to patch those platforms is concerning, because what about the next potential flaw or risk?”